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BACKGROUNfD 



1. Field 

The present invention relates to the field of cryptography. More particularly, the 
present invention relates to a circuit and method for providing secure communications 
5 between devices. 

2. General Background 

It is well known that computers can be used to process and store sensitive 
information in a digital form. For example, computers may be used to conduct financial 
transactions such as adjusting credit card or bank account balances, metering electronic 
1 0 content usage, and the like. Due to the sensitive nature of this information, it has become 
necessary to ensure that its integrity is protected during transmission between devices in 
different computers as well as between devices within the same computer. 

A number of cryptographic techniques are available to establish secure 
communications between two devices. Herein, communications are deemed "secure" 
1 5 when infomiation sent over a normally improtected communication medium is protected 
against observation, tampering, and replay of previously-recorded valid information. 
Some of these available cryptographic techniques involve a block cipher function and/or 
a stream cipher function. 

Referring to Figure 1, an illustrative embodiment of the general functionality of a 
20 conventional block cipher function is shown. In particular, a group of data bits (referred 
to as "incoming data") 110 is loaded into a cipher engine 100. Normally, (block) cipher 
engine 100 is software that produces an encrypted output "£(datay' 120 by successively 
encrypting groups of bits at a time in accordance with a predetermined symmetric key 
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encryption function. One example of a symmetric key encryption function includes Data 
Encryption Standard (DES) as set forth in Federal Information Processing Standards 
Publication 46-2 published on or around December 30, 1993. A significant disadvantage 
associated with many block cipher functions is that they cannot support secure 
5 communications at a high transmission rate. Rather, significant latency is reaUzed 
between the receipt of incoming data 110 and the production of encrypted output 120. 

As shown in Figure 2, an illustrative embodiment of the general functionality of a 
conventional stream cipher function is shown. In particular, a set of bits (referred to as 
^'configuration data") 210 is loaded into a cipher engine acting as a pseudo-random 

10 stream generator 200. When configuration data 210 is keying material, a pseudo-random 
stream generator 200 produces a pseudo-random stream 220 that can operate effectively 
as a One-Time Pad (OTP). Namely, pseudo-random stream 220 may be used to encrypt 
(or decrypt) data 230 by exclusively OR'ing (XOR'ing) data 230 with pseudo-random 
stream 220. This operation produces an encrypted (or decrypted) data stream 240 and 

1 5 causes minimal latency because pseudo-random stream 220 may be pre-computed. While 
this approach protects against eavesdropping and replay attacks on the communication 
stream, it is extremely susceptible to tampering or inadvertent corruption because a 
targeted bit of data 230 may be altered in a coherent and intended manner by modifying a 
selected bit of encrypted data stream 240. 

20 In an effort to overcome this tampering susceptibility, an integrity checksum 250 

may be generated concurrently with encrypted data stream 240. Integrity checksum 250 
accompanies encrypted data stream 240 and is used to determine whether data stream 240 
has been modified during transmission. One type of integrity checksum is in accordance 
with DES Message Authentication Code (MAC), which is calculated using a block 

25 ciphering function. However, the use of a DES MAC integrity checksum in combination 



042390.P6514 



.2- 



WWS^vlr 



with stream ciphering would reintroduce the latency disadvantages realized by block 
ciphers. 

Hence, it is desirable to develop an efficient and cost effective technique by which 
various devices may securely communicate with each other with minimal latency. 
Similarly, an integrity mechanism for such conmiunication may alternatively be used in 
the absence of encryption to provide for a high-integrity, low-latency communication 
channel. 
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SUMMARY 



Briefly, one embodiment of the invention is a method for securing 
communications between a first device and a second device. The method comprises (i) 
mutually authenticating the first device and the second device, (ii) generating an integrity 
5 check value by the first device, and (iii) sending the integrity check value with a message 
from the first device to the second device. 
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BRIEF DESCRIPTION QF THE DRAWINGg 

The features and advantages of the present invention will become apparent from 
the following detailed description of the present invention in which: 

Figure 1 is an illustrative embodiment of the general fiinctionality of a 
5 conventional block cipher function. 

Figure 2 is an illustrative embodiment of the general functionality of a 
conventional stream cipher function. 

Figure 3 an illustrative embodiment of an electronic system employing the present 
invention. 

10 Figure 4A is an illustrative embodiment of a second device of the electronic 

system of Figure 3. 

Figure 4B is an illustrative embodiment of communication logic of the second 
device of Figures 3 and 4A. 

Figure 5 is an illustrative embodiment of a first device of the electronic system of 
15 Figure 3. 

Figures 6A and 6B are illustrative block diagrams of a first embodiment of an 
integrity check value (ICV) generator employed in the second device of Figures 3 and 
4A. 

Figure 7 is an illustrative block diagram of a second embodiment of the ICV 
20 generator employed in the second device of Figures 3 and 4A. 
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Figures 8A and 8B are illustrative flowcharts of the operations to establish and 
maintain secure communications between the first and second devices of Figure 3. 
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DETAILED DESCRIPTION 



The present invention relates to an electronic system and method for providing 
secure commimications between devices. More specifically, secure communications are 
maintained through use of an integrity check value (ICV) that accompanies a message in 

5 an encrypted or non-encrypted format. The ICV is used to determine whether the 

contents of a message have been modified diuing transmission. As described below, an 
efficient technique for producing the ICV without experiencing high latency quantitative 
definition involves bitwise multiplication and "exclusive OR" operations between data 
associated with the message (in its non-encrypted format) and coefficients of a matrix. 

10 The "coefficients" are selected bits &om a pseudo-random data stream created fix>m 
keying material used in communications between two or more devices. 

In the following description, certain terminology is used to describe certain 
features of the present invention. More specifically, an "electronic system" is defined as 
hardware implemented with a processor. Examples of an electronic system include a 

15 computer (e.g., laptop, desktop, hand-held, server, mainfi-ame, etc.), imaging equipment 
(e.g., printer, facsimile machine, scaimer, digital camera, etc.), set-top box (e.g., receiver 
or transceiver hardware for receipt of cable or satellite signals), wireless commimication 
equipment (e.g., cellular phone), a consumer electronic appliance and the like. A 
*'processor" includes logic capable of processing information such as a microprocessor, a 

20 microcontroller, a state machine and the like. 

A **bus" is generally defined as any medium over which information may be 
transferred such as, for example, electrical wire, optical fiber, cable, plain old telephone 
system (POTS) lines, wireless (e.g., satellite, radio firequency "RF", infixed, etc.) and the 
like. "Information" is defined as data, address, control or any combination thereof. A 
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"message" is generally defined as information intended to be transferred in a sequence of 
one or more transmissions. 

With respect to cryptography related terminology, the term "secure" generally 
indicates a condition where information is protected against observation, productive 

5 tampering, and replay. "Keying material" includes any encoding and/or decoding 
parameter used by cryptographic functions (also referred to as "ciphers" or "cipher 
functions") such as Data Encryption Standard (DES) for example. One type of parameter 
is a "symmetric key" which is a device-shared key held in secrecy by two or more 
devices. Another type of parameter includes an "asynmietric key" featuring a fu^t key 

10 (e.g., a public key) normally used for encryption and a second key (e.g., a "private" key) 
normally used for decryption. A "digital certificate chain" includes either a single digital 
certificate or an ordered sequence of digital certificates arranged for authorization 
pxirposes as described below, where each successive certificate represents the issuer of the 
preceding certificate. 

15 Referring to Figure 3, an illustrative embodiment of an electronic system 300 

employing the present invention is shown. Electronic system 300 comprises a first 
device (e.g., a processor) 310 and a second device 320. In this embodiment, second 
device 320 is a memory such as non-volatile memory (e.g., flash memory, any type of 
read only memory "ROM", battery-backed random access memory "RAM", or even 

20 volatile memory). First device 310 and second device 320 are placed in secure 

commimications with each other over a bus 330. As a result, access to storage area of 
second device 320 can be restricted to only authenticated processing logic devices such as 
first device 310. Similarly, first device 310 is capable of authenticating second device 
320 to achieve a high confidence level that data stored in second device 320 is valid. 
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Referring now to Figures 4A and 4B, an embodiment of second device 320 is 
shown. In Figure 4A, second device 320 includes a memory 400 and a small amount of 
communication logic 430 coupled together through a bus 435. In this embodiment, 
memory 400 includes keying material 420 and/or at least one digital certificate chain 410, 
5 which are stored normally at manufacture. Of course, it is contemplated that digital 
certificate chain 410 and/or keying material 420 may be produced and stored in memory 
400 after manufacture. 

In one embodiment, keying material 420 includes at least a private key of a 
device-specific asymmetric key pair used by communication logic 430 within second 

1 0 device 320, namely its cipher engine, to (i) encrypt or decrypt the information, or (ii) 
establish a session key used for that purpose. The pubUc key of the key pair is widely 
available to other systems as well as electronic system 300. For this embodiment, the 
"session" key is a temporarily key for use during a particular secure communications 
sequence and may be created in accordance with a well-known Diffie-Hellman technique 

15 as described in US Patent No. 4,200,770. Alternatively, keying material 420 may include 
a symmetric key, which may be used by cipher engines of both first device 310 and 
second device 320 to produce a session key. In lieu of or in addition to asymmetric 
and/or symmetric key(s), keying material 420 may temporarily store one or more session 
keys if memory 400 includes volatile memory. 

20 As shown in Figure 4B, communication logic 430 includes a cipher engine 440 

designed to perform cryptographic operations in accordance with a selected stream cipher 
such as, for example, DES operating in counter mode. When loaded with keying material 
420 such as a session key used in communications with first device 310 of Figure 3, 
cipher engine 440 produces a pseudo-random data stream 450. This data stream 450 

25 effectively operates as a One-Time Pad (OTP). For this embodiment, an ICV generator 
490 is used to generate a N-bit ICV 480 based on a portion 460 (e.g., group of bits or 
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bytes) of data stream 450 and data associated with a message 470. Optionally, this 
portion 460 may be used to generate N-bit ICV 480 based on address or other relevant 
information (e.g., data type) associated with message 470. The value of •'N" is 
determined by requirements of attack resistance, and may range from 16 to 32 for 
5 example. It is contemplated that this or another portion of data stream 450 may be used 
for encrypting/decrypting message 470 and/or ICV 480. 

Referring to Figure 5, an embodiment of first device 310 is shown. First device 
310 includes processing logic 500 and a small amount of internal memory 510, each 
contained in a package 520 and coupled to a bus 525. Memory 510 may include at least 

10 one digital certificate chain 530 and keying material 540, each of which is stored either at 
manufacture or after manufacture. Keying material 540 includes (i) one or more keys of 
an asymmetric key pair (e.g., its private key), (ii) a symmetric key, and/or (iii) one or 
more session keys. A stream cipher engine 550, either software loaded in memory 510 as 
shown, a part of processing logic 500 or a combination of both, is used to produce an 

1 5 OTP for encryption/decryption and data integrity verification when using an ICV. 

Referring now to Figure 6A, a block diagram illustrating a first embodiment of an 
integrity check value (ICV) generator 490 of Figure 4A that generates ICV 480 to 
accompiany message 470 in an encrypted or non-encrypted format is shown. Cipher 
engine 440 produces pseudo-random data stream 450 based on keying material 420. For 
20 this embodiment, pseudo-random data stream 450 includes at least thirty-five bits (r^y). A 
selected number of pseudo-random bits are extracted firom pseudo-random data stream 
450 in order to produce an integrity matrix 600. Herein, as shown in Figure 6B, the 
selected pseudo-random bits include roo-ro4, rjo-ri4, r2o-r24> ^Ao'^^y ^so'^sAy v^-r^ for 
example. 
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"Integrity matrix" 600 includes M rows 610, which corresponds to a group of M 
message bits 630 received for each transfer cycle in order to compute ICV 480 (**M" is a 
positive whole number). The number of reiterative transfer cycles needed to load the 
entire message and compute ICV is equivalent to the rounded-up whole number result of 
5 the size of the message (in bits) divided by M (in bits). Integrity matrix 600 further 

includes N columns 620, which dictate the size of ICV 480. Thus, the size of ICV 480 is 
programmable based on the selected column size (N) 620 of integrity matrix 600. 

During computations of ICV 480, arithmetic and logic operations are performed 
by calculation imit 640 on message 470 and contents of integrity matrix 600. More 

10 specifically, each group of M message bits 630 is bitwise multiplied with each coefficient 
of a corresponding row of integrity matrix 600 to produce resultant values. As shown in 
Figure 6B, message bits 630 include seven (M=7) bits identified as mo-m^. Thereafter, 
the resultant values within each column of integrity matrix 600 are XOR'ed together to 
produce a bit of ICV 480. Thus, as shown in Table 1, since integrity matrix 600 includes 

15 five columns (N=5), ICV 480 is represented as a five bit result (ICVj-ICVj) and is 
computed as follows: 



TABLE 1 



ICV bit 


COMPUTED VALUE 


ICV, 


moToo XOR m,r,(, XOR mjtzo XOR mjrjo XOR m4r4o XOR mjrjo XOR 


ICVj 


moTo, XOR m,r„ XOR mjTj, XOR mjrj, XOR m4r4, XOR mstj, XOR m^^^ 


ICV3 


vOfffa XOR in,r,2 XOR mjT^i XOR nijrjj XOR m^^2 XOR mjTjj XOR m^^ 


ICV4 


HioToj XOR m,r,3 XOR m2r23 XOR mjrjs XOR 1114143 XOR 10^x^3 XOR m^^a 


ICV5 


moTo* XOR m,r,4 XOR mjij* XOR 013134 XOR 014144 XOR 1115154 XOR m^^* 
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The changing of a single bit of message 470 results in the changing of statistically 
50% of the integrity bits, but in an externally unpredictable pattern. Since the receiving 
device regenerates the ICV based on the incoming message and knowledge of the session 
key, and uses it to validate the incoming ICV, an attack on the message (whether in 
5 cyphertext or plaintext form) in an attempt to create a fraudulent message that will be 
accepted as valid, must also correctly compute a corresponding ICV. Since the attacker 
does not know the coefficients of the matrix (not knowing the session key that produces 
the pseudo random stream), the probability of success is only 1 in 2^. 

Referring now to Figure 7, a block diagram illustrating a second embodiment of 
10 ICV generator 490 of Figure 4A producing an ICV 480 to accompany a message in an 
encrypted or non-encrypted format is shown. This embodiment utilizes a Toplitz matrix 
700 in lieu of integrity matrix 600 of Figures 6A and 6B. The reason is that it is expected 
that integrity matrix 600 would be changed in its entirety after each access. This places a 
significant bandwidth requirement on the pseudo-random bit stream generator. 

15 As shown, Toplitz matrix 700 includes M bits in a first column 710. These bits 

are repeated in successive columns 71 1-714 of matrix 700, but are rotated by at least one 
position to fill matrix 700. Thus, only M bits of pseudo-random data are required to 
repopulate matrix 700 on each access (when M ^ N). In this embodiment, N is less that 
or equal to M. Otherwise some bits of the resultant ICV would be identical and 

20 contribute nothing to increase tamper-resistance. 

During computations of ICV 480, each group of M message bits 720 is bitwise 
multiplied with each pseudo-random bit of a corresponding row of matrix 700 as denoted 
by "x" in Figure 7 to produce resultant values. Thereafter, the resultant values within 
each column of matrix 700 are XOR'ed together to produce a bit of ICV 480. Thus, as 
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shown in Table 2, since matrix 700 includes five columns (N=5), ICV 480 is represented 
as a five bit result (ICVi-ICVj) and is computed as follows: 

TABLE 2 



icy bit 


COMPUTED VALUE 


ICV, 


moTo XOR m,r, XOR hIjIz XOR mjfj XOR in4r4 XOR m^^ XOR m^f, 


ICV2 


moTfi XOR m,ro XOR m^h XOR mjFj XOR m4r3 XOR msr4 XOR m^s 


ICV3 


m^s XOR m.r^ XOR m^^, XOR mjr, XOR m^r^ XOR mic^ XOR m6r4 


ICV4 


mor4 XOR m,rj XOR mjc^ XOR m^ro XOR m4r, XOR nisFz XOR m^T, 


ICV5 


nvj XOR m,r4 XOR mifj XOR marj XOR m4ro XOR mjr, XOR 11^:2 



Referring to Figures 8 A and 8B, illustrative flowcharts of the operations for 
5 establishing and maintaining low-latency, secxire conmiunications between two devices 
implemented within an electronic system are shown. To establish secure communication 
between the two devices (e.g., processor 310 and memory device 320 of Figure 3), for 
example, two general operations may be performed; namely, (1) mutual authentication 
(challenge/response protocol) and session key development using the digital certificate 
10 chains of the devices, and (2) production of the ICV using the shared session key. These 
operations may be performed by hardware, software, or firmware. 

With respect to the first operation, a cipher engine at a first device (e.g., cipher 
engine 550 of processor 310 of Figure 5) issues a challenge to a cipher engine at a second 
device (e.g., cipher engine 440 of memory device 320 of Figure 4B) as shown in block 
15 800. For this embodiment, the "challenge" may include a random number and the pre- 
stored digital certificate chain associated with the processor. The cipher engine of the 
second device responds by returning at least the random number, either digitally-signed 
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with its intemally-stored device-specific private key or otherwise processed under a 
shared-secret challenge/response protocol. Additionally, the response may include its 
pre-stored digital certificate (block 805). The use of the digital certificate chains allows 
the first and second devices to mutually authenticate each other. The challenge/response 
5 procedure is then repeated with the roles of the two devices reversed, such that the second 
device challenges the first device. Thereafter, these cipher engines may operate in 
accordance with a well-known Diffie-Hellman technique in order to establish a session 
key between the two devices (block 810). 

Alternatively, the challenge/response authentication protocol can be combined 
1 0 with Diffie-Hellman session key establishment in the well-known technique of 

"authenticated key establishment' wherein the Diffie-Hellman values exchanged are 
digitally signed. 

With respect to the second operation, the session key (or a portion thereof) is 
input into a cipher engine to produce a pseudo-random data stream (block 815). This data 

1 5 stream is used as a One-Time Pad (OTP). Certain bits of the OTP are selected to 

populate an integrity matrix or a Toplitz matrix as described above (block 820). The bit 
selection may be based on predetermined bit locations of the OTP. As shown in Figures 
6A, 6B and 7, by performing bitwise multiplication on a message and corresponding rows 
of the matrix followed by separate XOR operations on the resultant values along columns 

20 of the matrix, an integrity check value (ICV) is produced (block 825). 

Thereafter, if encryption is desired, a different portion of the OTP is logically 
XOR'ed with a message in its non-encrypted form prior to transmission to a cipher 
engine at the destination (e.g., cipher engine 440 of second device 320 in Figure 4A) as 
shown in blocks 830 and 835. This XOR'ing may be performed in serial bitwise fashion 
25 or in parallel with any number of bits in order to encrypt the digital information. 
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Likewise, the ICV may be encrypted through the same XOR operation (blocks 840 and 
845). This encryption protocol is extremely efficient because message encryption, ICV 
computation, and ICV encryption can be theoretically and practically performed in a 
single clock cycle. The output (the message and ICV) are transferred to the second 
5 device (destination) as shown in block 850. 

At the destination (second device), cipher engine 440 of Figure 4 A is used to 
decrypt the incoming information by again XOR'ing that information with identical 
portions of the identically-generated OTP in order to obtain the information in a non- 
encrypted form (blocks 855 and 860). This mechanism requires the generation of the two 

10 pseudo-random data streams in synchronization, typically assured by always processing 
the same amount of information at both the second and first devices. This assures that the 
pseudo-random data stream is "consumed" at a matching rate. Placement of DES into a 
counter mode provides for easy maintenance of synchronization because the coxmter 
values in use by each pseudo-random stream generator need not be kept secret and may 

15 be exchanged "in the clear" between the two devices. If synchronization is ever lost, the 
counter containing the "lower" counter value is simply set forward to match the contents 
of the other counter. Because the counter can never be "set back", the pseudo-random 
stream can never be forced to repeat, which is a critical feature to allow its use as an OTP. 
If the counter ever reaches its maximum value, a new session key must be negotiated to 

20 create an entirely new OTP. Note that the above procedures are directed to the use of 
"DES" cipher, but it is anticipated that other stream ciphers that may not use pseudo- 
random streams may be employed. 

Thereafter, the recovered ICV is compared with the ICV generated at the second 
device (blocks 865 and 870). If a match is detected, the communications are secure 
25 (block 875). Otherwise, communications are insecure (block 880). An error would likely 
be reported to the user warning that the communications are not secure. 
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Of course, there exist alternative methods for authentication and session key 
development. For example, well-known in the art, shared-secret symmetric keys may be 
used to exchange information in order to produce one or more temporary session keys 
therefrom. The present invention may utilize this type of authentiaation method instead 
5 of the method described in Figures 8 A and 8B. 

While certain exemplary embodiments have been described and shown in the 
accompanying drawings, it is to be understood that such embodiments are merely 
illustrative of and not restrictive on the broad invention, and that this invention not be 
limited to the specific constructions and arrangements shown and described, since various 
1 0 other modifications may occur to those ordinarily skilled in the art. 
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